niochat / nio

💬 Nio is an upcoming matrix client for iOS.
https://nio.chat
Mozilla Public License 2.0

Feature request (override-dns-in-https-connection) #197

Open gggin opened 4 years ago

gggin commented 4 years ago

In the world, especially in some regions, a person can only have a server without a domain, but he wants HTTPS. Can you add this feature in the UI, for a custom domain that can use a special IP address?

https://stackoverflow.com/questions/24350150/how-to-override-dns-in-http-connections-in-java

Other people have tried to solve this problem, but the answer is not very good. https://www.binwang.me/2020-09-08-Build-An-Instant-Messaging-System-without-Censorship-Deployment-Options.html

kiliankoe commented 4 years ago

Hi @gggin, thanks for the issue. I'm not quite sure I fully understand what you're proposing here. I assume you're looking for a solution to use TLS without a domain for your homeserver?

It's definitely on the list to further look into this, but please be aware that it's not a very high priority right now. Nio needs a lot of work before it becomes a usable client first.

gggin commented 4 years ago

Thank you for the response. The normal way is to buy a VPS, then use Let's Encrypt + (buy a domain) ==> (pubkey + privatekey), then DNS domain->VPS(ip). But in some places (rules and policies) the DNS (domain->VPS[ip]) is killed. (We will not talk about why here.)

But I can still use Let's Encrypt + (buy a domain). So the easiest way to support this is to add a DNS hook in the client (I want my friends to use this client, but they don't know much about computers; I cannot have them set a custom DNS server or change /etc/hosts in Linux). So the client needs a way to set a DNS hook (hosts). Then all people need is {Let's Encrypt + (buy a domain)}.

Another feature is a very common (unsafe) way: let the client support a custom self-signed certificate. But how to deploy the self-signed certificate's root CA (maybe a man-in-the-middle attack, an old problem, so we always trust the biggest, good-reputation CAs in the whole world)? I can give my friends my self-signed certificate's root CA; they trust me, so the CA can be trusted (only in the Matrix client, not the whole OS). So the client needs a way to import a trusted CA. Then all people need is a VPS (no Let's Encrypt, no domain).

A reason for this feature: If we want to use some communication software being monitored, there are many choices. So this feature is useful for some people in the world.

Your thinking is right, the high priority is to make a usable client. Thank you again for your response.
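
The two options discussed in this thread (an app-local hosts override that keeps normal certificate checks, and a root CA trusted only inside the client), shown in Python as an added example. It is not Nio's code or any commenter's; the names `HOST_OVERRIDES`, `resolve`, `build_context` and `connect`, and the sample domain and IP, are assumptions made for illustration.

```python
import socket
import ssl

# Constructed sample values: an app-local "hosts" table (documentation-range IP).
HOST_OVERRIDES = {"matrix.example.org": "203.0.113.10"}


def resolve(hostname, overrides=HOST_OVERRIDES):
    """Return the pinned IP for hostname, or None to fall back to system DNS."""
    return overrides.get(hostname.lower().rstrip("."))


def build_context(extra_ca_pem=None, private_ca_only=False):
    """TLS context that always verifies the chain and the hostname.

    extra_ca_pem: PEM text of a user-imported root CA, trusted by this
    context only (the OS trust store is untouched).
    private_ca_only: if True, trust nothing but that imported CA.
    """
    if private_ca_only:
        if not extra_ca_pem:
            raise ValueError("private_ca_only requires extra_ca_pem")
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with no trusted CAs
    else:
        ctx = ssl.create_default_context()  # system CAs
    if extra_ca_pem:
        ctx.load_verify_locations(cadata=extra_ca_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def connect(hostname, port=443, overrides=HOST_OVERRIDES, ctx=None, timeout=10):
    """Open a TLS connection to hostname, dialing the overridden IP if set."""
    ctx = ctx or build_context()
    target = resolve(hostname, overrides) or hostname
    raw = socket.create_connection((target, port), timeout=timeout)
    try:
        # server_hostname drives SNI and certificate name checking, so the
        # certificate must match the domain, not the IP that was dialed.
        return ctx.wrap_socket(raw, server_hostname=hostname)
    except Exception:
        raw.close()
        raise
```

Because verification stays bound to the domain name, a wrong or hijacked entry in the override table produces a handshake failure rather than a silent connection to another server.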